Sunday 29 January 2023
Home / none / North Korean hackers stealing NFTs using nearly 500 phishing domains

North Korean hackers stealing NFTs using nearly 500 phishing domains

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting nonfungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints,” which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.

However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker who now has access to it.

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites under a single IP and another 320 NFT phishing websites associated with another IP.

An example phishing website Source: SlowMist

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name came about seven months ago.

Other phishing tactics used included recording visitor data and saving it to external sites as well as linking images to target projects.

After the hacker was about to obtain the visitor's data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations and use of plug-in wallets, as well as sensitive data such as the victims’ approve record and sigData.

All this information then enables the hacker access to the victim’s wallet, exposing all their digital assets.

However, SlowMist emphasized that this is just the “tip of the iceberg,” as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 Ether (ETH), worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on March 15.

Related:Blockchain security firm warns of new MetaMask phishing campaign

North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to a news report published by South Korea’s National Intelligence Service (NIS) on Dec 22, North Korea stole $620 million worth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.

Original Article

About Jude Savage

Check Also

Solana price rally risks exhaustion after SOL’s 120% pump in two weeks

Solana (SOL) price is up an impressive 60% since the new year, partially boosted by hype surrounding meme cryptocurrency Bonk (BONK). However, the SOL/USD pair now shows signs of exhaustion, raising anticipations that the token may see a short-term correction in the coming days. Solana turns overboughtSolana is one of the best performing cryptocurrencies so far in 2023 after being one of the biggest losers in 2022. On Jan. 9, SOL's price jumped to as high as $19.50, or around 120% gains in a recovery rally after sliding below $8 on Dec. 29, 2022. But the price spik also turned Solana into an overbought asset, per its daily relative strength index (RSI) reading above 70, as shown below. SOL/USD daily price chart. Source: TradingViewTraditional investors typically see an overbought RSI as a potential sell signal, given the indicator has historically coincided with a period of buyer exhaustion. As a result, SOL's price could enter a correction or a sideways consolidation stag..

Leave a Reply

Your email address will not be published. Required fields are marked *